SecuraBit Episode 11

This week Anthony Gartner & Rob Fuller discuss the latest computer security news.  Special guests are Vyrus and CP from the dc949.org group.

Episode 11

Discussions covered the following topics:

Skynet, Advanced Dork, Google Site Indexer, These tools work worked on by CP and Vyrus and the dc949 group and are written as open source.

Rob brought up a Firefox add on called Barrier

Spoke of how we can use google alerts to help us in our daily tasks to track where our information is being sent out to.

Discussion ensued about Scroogle.org not to be confused with scoogle.com and how you can do secure searching though the site and that the site purges logs with in 48 hours.

A mention of Cisco was brought up and we also spoke of a visualized version for the Cisco Mips processors and the specific virtualized version of the Cisco 7200 Routers.

BlackBerry Encryption keys may be in the hands of the Indian Government as part of the deal with Rim.

SecuraBit Episode 10

(Apologies in advance for the short term ‘wiki’ look of these show notes, the public wiki will be up soon!)

This week Anthony Gartner, Chris Gerling, Chris Mills, Jason Mueller discuss the latest computer security news.  Special guest, Chris Wilson, talks about the increase of traffic on port 808.

Episode 10 – A milestone!

We are all still alive even though the CERN Particle Collider has been started up.

OpenSource Projects, Software, Patches

Obama Sex Video Spam

New SecuraBit VPS! (We have since cancelled and will be moving to something else soon)  

     Linode with CentOS. However, no SELinux available

     For CentOS help go to: #CentOS on irc.freenode.net

Tips for configuring the new server:

     -Disable root login on ssh

     -Good passwords

     -Lock down all unnecessary ports

The Securabit guys started using the CentOS distribution because of its interconnections with Snort

     See InternetSecurityGuru.com for details on how to configure Snort on CentOS

In non-security related news:

     Steve Jobs Apple Special Event “Let’s Rock”

     Apple did update QuicktTime and Bonjour

     Netbooks are everywhere: Even Commodore joins Netbook Crowd

Google Chrome:

     Milworm Chrome Exploit/Vulnerabilities: Six different Exploits/Vulnerabilities to date

     Germany says do not use Google Chrome

Other news:

New Microsoft/Jerry Seinfeld commercial analysis

New Microsoft Mouse

BREAK

Anthony recently had a laptop theft and recommends the following sites to learn how to secure your computer:

     Schneier and portable device security

     Risk of losing portable devices

Latest happenings with Securabit Looking for a Team and mentoring atmosphere Coming soon: New Site/wiki/forums on a VPS

Chris Mills talks about his employer Security Expo where they showed off Rainbow Tables/Ophcrack and Driftnet

BREAK

Special Guest: Chris Wilson

   Port 808 traffic is up over the last 24 hours.
   WinHole Trojan is what was noted as causing this traffic in the past.   

Palin Yahoo Email Hacked

Numerous reports have been flying around the intertubes that Sarah Palin’s personal Yahoo email was hacked and items from her mailbox were posted on the internet.  Wikileaks states that the email was hacked around midnight Tuesday Sept. 16th by persons affiliated with the group ‘anonymous‘.  Numerous screenshots, contacts, and family photos have been posted on the Wikileaks website.  It is interesting that she was just asked a few days earlier to release over 1000 emails from the same private account she has been apparently using conduct government business.  

Chris Eng (guest on Securabit Episode 7) has posted some commentary on what he thinks might have happened to the account.  What are your thoughts on this matter?  Is this all fair game and the whole mailbox should be released or just despicable?

UPDATE: Apparently ‘Anonymous’ might not be too anonymous for long.  The screenshot posted listed almost the whole proxy address, which will make it much easier to find in a log.  Unless they used their neighbors wi-fi. 🙂

SecuraNibble: Snort Sensor Tutorial

Chris Wilson brings us some Snort goodness with this 37 minute tutorial on how to build a snort sensor from scratch using CentOS.

I hope this is of use to everyone, it is very very well done!

In Remembrance

Today marks 7 years ago that we lost so many fellow americans in the horrific attacks which unfolded that day.  Think about them, and also think about our troops.  Without their sacrifice we would not be able to do things like drink beers and talk about security on Skype every couple of weeks.

To those who serve us, we salute you.

Episode 10 recording notice and streaming!

We will be steaming Ep 10 live tonight at around 7:30PM EST.  Feed urls will either be ChrisAM’s, mubix’s, or both. 🙂

Join us as well on IRC at irc.freenode.net #securabit

SecuraByte Episode 3

Last night we did a spontaneous hour long interview with the guys from HacDC, a Hackerspaces group.

Hosts:
Rob Fuller – Mubix

Chris Mills – ChrisAM

Chris Gerling – Hak5Chris

Guests:

Nick Farr – Treasurer HacDC
Mitch Altman – NoiseBridge San Francisco, Hackerspace
Bryce - HacDC

HacDC and Hackerspaces.

What is a Hackerspace?: Physical space where hackers make things, in
person place to do things rather in addition to online.  People can
work on their own projects and collaborate with others.

Mitch has been working on Brain machines.

Tips on how to start a hackerspace:

– Visit a hackerspace

Document on Hackerspace design patterns (PDF).

– Go to Visit: Hackerspaces.org and email questions about getting started to [email protected]

– Last Hope Talk: Building Hacker Spaces Everywhere: Your Excuses are Invalid – Nick Farr and Friends (MP3).

If I am not a member, can I go: Yes!

Some hackerspaces mentioned:

NY Resistor (New York City)
C-base (Berlin Germany)
The Hacktory (Philadelphia)

Mitch working on SF Space, NoiseBridge
Join the NoiseBridge email list

Intersting Hackerspace projects:

Blinkenlights

Project Blinkenlights was a light installation in the Haus des Lehrers
building at the Alexanderplatz in Berlin that transformed the building
front into a giant low-resolution monochrome computer screen.

tmplab - Paris, France Hackerspace (French)

Columbia heights Wireless

The Columbia Heights Wireless Project aims to provide wireless access to
the Internet to HacDC’s neighbors in Columbia Heights. This project, in
three phases, will help test different technologies and methods for
providing this access as well as building local neighborhood IT
infrastructure.

New Season of Hak5!

A new season of Hak5 just began with a bang with Securabit’s own Mubix showing off the open source forensics and intelligence gathering tool Maltego.  Look for future shows featuring both Mubix and Chris Gerling.

SecuraBit Episode 9

On this episode of SecuraBit:

Multiboot Security DVD

Mubix posted an awesome link on his blog to a Multiboot Security DVD that allows you to boot common security distros, all on one medium!
OS Choices:

Make it into a bootable (NTFS formatted) USB stick using Unetbootin

Some distros the Securabit guys would like to see added:

  1. Helix
  2. Intelguardian’s Samurai

RedHat/Fedora OpenSSH Compromises

As noted on the Securabit website, a Fedora and Red Hat Enterprise Linux servers were compromised.

The ComputerWorld Blog – Linux Security Idiots article explains how the servers were compromised

  • Stolen SSH keys are used to gain access to the system
  • After that, rootkit “phalanx2” is installed and steals more SSH keys
  • Obviously this could be used to install any malware at all

The RHEL offshoot CentOS was not affected by the compromise.

Joomla Vulnerability


(Read More…)

Google Chrome

Google Chrome has generated a lot of press in the day since it was released on Tuesday.  It gained over a 1% market share in under 24 hours.  Some of the interesting tidbits from a risk/security standpoint:

Controversial EULA:

Google Chrome debuted with an extremely controversial EULA that basically says everything you do with the Chrome browser belongs to Google.  They have since adjusted the EULA to remove some of the strongly worded sentences, but this might just have given us a peak into Google’s world domination plot?

Vulnerabilities:

It seems that only mere hours after the Chrome browser was available for download, vulnerabilities started showing up.  Some of them as simple as a browser crash, others as serious as carpet-bombing.  This is actually not too surprising since Chrome is based off the same version of WebKit, 525.13, that the vulnerable Safari 3.1 emanates from.

Incognito Mode:

The Chrome browser has a stealth browsing mode called Incognito which will not leave any tracks of where you browse in your history or store any cookies.  This appears to be very similar to the IE8’s InPrivate browsing mode.

Independent Tabs:

Every tab opened in Chrome runs as an independent instance of the browser.  Apparently, if you experience trouble in one tab, the rest of your Chrome environment is safe from the misbehaving tab.  I guess this only works if you don’t browse to the vulnerability mentioned above that crashes your whole browser. 🙂

So what is your take on the new Chrome browser?  Mubix suggests power users should stick with Firefox or will Chrome make the internet less frustrating” as Walt Mossberg declares?